An attacker could craft a malicious web page which, when accessed using Dillo, would trigger the format string vulnerability and potentially execute arbitrary code with the rights of the user running Dillo.